Method and apparatus for dna-based authentication system

ABSTRACT

Techniques for biochemcally-enabled security/authentication mechanisms are described herein. In an example embodiment, a security system receives a biological sample from a key. The biological sample includes a set of deoxyribonucleic acid (DNA) oligos that represent a code associated with the key. The set of DNA oligos is sequenced to obtain a set of read sequences, where sequencing is performed at less than four minutes per cycle of sequencing. The set of read sequences is then filtered to identify a set of filtered sequences. The set of filtered sequences is matched to sets of expected sequences, where the sets of expected sequences are assigned to respective keys issued for the security system. Access to a resource is then granted or denied based on whether the set of filtered sequences matches with any set from the sets of expected sequences.

PRIORITY

This application is a continuation of U.S. application Ser. No.14/857,764 filed on Sep. 17, 2015, which claims the priority and benefitof U.S. Provisional Application No. 62/051,941, filed on Sep. 17, 2014,all of which are incorporated by reference herein.

TECHNICAL FIELD

This disclosure generally relates biochemically-enabled andelectrochemically- enabled security mechanisms.

BACKGROUND

Conventional security mechanisms invariably use only mechanical,electrical/electronic, or biometric elements to provide secure access insecurity contexts. For example, a typical mechanical security mechanismuses a key-lock system, in which only a key matched to a lock wouldprovide access through a locked door. A typical electronic securitymechanism uses a password-protected system, in which a user must typethe correct password in order to gain access to the system. A typicalbiometric security mechanism uses a fingerprint-protected system, whichscans a user's fingerprint and grants access only if the scannedfingerprint matches the fingerprint of an authorized user. While each ofthe mechanical, electrical/electronic, and biometric security mechanismshas its own advantages in certain security contexts, the ever-continuingadvancement of technology creates the need for new and improved securitymechanisms for existing, as well as emerging security contexts.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates an examplebiochemically-enabled/electrochemically-enabled security system,according to some embodiments.

FIG. 2 illustrates an example sample-processing device, according tosome embodiments.

FIG. 3 illustrates an example computing device, according to someembodiments.

FIG. 4 illustrates an example deoxyribonucleic acid (DNA)oligonucleotide synthesizer system, according to some embodiments.

FIG. 5 illustrates an example DNA sequencer system, according to someembodiments.

FIG. 6 illustrates an example method for encoding a DNA key, accordingto some embodiments.

FIG. 7 illustrates an example method for providing secure access in abiochemically-enabled security system, according to some embodiments.

DETAILED DESCRIPTION

The following description sets forth numerous specific details such asexamples of specific systems, components, methods, and so forth, inorder to provide a good understanding of various embodiments of thetechniques described herein for chemically-enabled security. It will beapparent to one skilled in the art, however, that at least someembodiments may be practiced without these specific details. In otherinstances, well-known components, elements, or methods are not describedin detail or are presented in a simple block diagram format in order toavoid unnecessarily obscuring the techniques described herein. Thus, thespecific details set forth hereinafter are merely exemplary. Particularimplementations may vary from these exemplary details and still becontemplated to be within the spirit and scope of the present invention.

Reference in the description to “an embodiment”, “one embodiment”, “anexample embodiment”, “some embodiments”, and “various embodiments” meansthat a particular feature, structure, or characteristic described inconnection with the embodiment(s) is included in at least one embodimentof the invention. Further, the appearances of the phrases “anembodiment”, “one embodiment”, “an example embodiment”, “someembodiments”, and “various embodiments” in various places in thedescription do not necessarily all refer to the same embodiment(s).

The description includes references to the accompanying drawings, whichform a part of the detailed description. The drawings show illustrationsin accordance with exemplary embodiments. These embodiments, which mayalso be referred to herein as “examples,” are described in enough detailto enable those skilled in the art to practice the embodiments of theclaimed subject matter described herein. The embodiments may becombined, other embodiments may be utilized, or structural, logical, andother changes may be made without departing from the scope and spirit ofthe claimed subject matter. It should be understood that the embodimentsdescribed herein are not intended to limit the scope of the subjectmatter but rather to enable one skilled in the art to practice, make,and/or use the subject matter.

Biochemically-Enabled and Electrochemically-Enabled Security

Described herein are various embodiments of techniques forbio/electro/chemically-enabled security. In some embodiments, areceptacle is configured to receive a key and to obtain a biological orchemical sample from the key. The key contains biological or chemicalmaterial in which a code is encoded via an electrochemical orbiochemical element. Some examples of electrochemical and biochemicalencoding elements include, without limitation:

-   -   1. Deoxyribonucleic acid (DNA) or another nucleic acid;    -   2. A chemical material which has a certain pH;    -   3. A liquid material that can maintain a certain electrical        charge.        The key is a physical device that may or may not be similar to a        conventional key (e.g., such as a key having bittings on the        blade). Preferably, DNA is utilized as the biochemical element.        In an example embodiment, the key resembles a conventional key        except that it includes a microfluid chamber containing        biological material. Once the key is successfully inserted into        a receptacle/lock, the key is able to inject a small sample        amount of the biological material into a receptor that is        available in the lock. The receptor receives the injected        sample, in this case DNA material in the form of a solution of        oligonucleotide molecules (also referred to as just        oligonucleotides, or oligos). Following this step, DNA        sequencing can be done on the DNA oligos. Without a loss of        generality, the DNA sequencing in this application includes all        the steps of sample/library preparation, including but not        limited to enrichment, purification, elution, and amplification.        For sequencing to be done, the deposited biochemical sample is        transferred to a sequencing unit. This operation can be done by        a user or automatically by a machine. Alternatively, the DNA        sequencing can be done in-place, for example if the        receptacle/lock is equipped with a suitable sequencing system.        It must be noted that although DNA sequencing is the method of        choice for some embodiments, other ways of reading a signal from        DNA oligos, such as DNA microarrays, could also be utilized. DNA        microarrays are often hybridization based, and have specific        interrogation sites. Without loss of generality, throughout the        present description the term “DNA sequencing” is used as an        example representing a signal acquisition method for acquiring        signals/data from biochemical and/or electrochemical samples.        After DNA sequencing is complete, signal/data representing one        or more properties of the injected sample is acquired and        processed. The acquired signal/data is then used to control        access to a given resource. For example, secure access to one or        more resources is granted if the acquired signal/data matches        (or otherwise conforms) to a security profile that controls        access to the one or more resources. Conversely, if the acquired        signal/data does not match (or otherwise does not conform) to        the security profile, then access to the one or more resources        is denied.

A security mechanism in accordance with the techniques described hereinmay have different applications and usages. In some embodiments,examples of usage for the DNA keys described herein would be forcontrolling access to safe deposit boxes at banks and other financialinstitutions, where extra high security is needed and a slight delay dueto the signal/data acquisitions and reading may be tolerated.

In some embodiments, security mechanisms that use non-DNA encodingelements may be faster (e.g., such as mechanisms that read theelectrical charge or pH of a sample containing electrochemical encodingelement), and therefore could be used for other types of keys, althoughthey likely will not be as secure as the DNA counterparts due to thelimited search space they provide. For instance, a pH reader or anelectrical charge reader (for conventional use) may give only 10 levelsof identification. In comparison, a DNA sequence could easily providebillions of levels of identification. Without loss of generality, forthe rest of the present description DNA-based security mechanisms willbe discussed. It is noted, however, that DNA- based security mechanismsare also expected to get faster, especially with the advent of fastportable sequencing machines.

In some embodiments, codes can be transferred/stored in a key in theform of oligos having one or more DNA or RNA nucleic acid sequences. Anucleic acid sequence (also referred to as just “sequence”) is asuccession of discrete data units that indicate the order of nucleotidebases within a DNA or RNA oligo molecule; for example, in a strand ofDNA or RNA oligo, “A” is typically used to indicate an adenine base, “G”is typically used to indicate a guanine base, “C” is typically used toindicate a cytosine base, “T” is typically used to indicate a thyminebase (for DNA only), and “U” is typically used to indicate an uracilbase (for RNA only). Each oligo represents 4^(N) discrete units ofinformation, where N is the length (in number of bases) of the oligo.For instance, for N=10, there would be approximately ˜1000 billiondiscrete units of information that can be encoded in a 10-mer (e.g., anoligo with length 10). Oligos with length 80 (80-mers) and above areroutinely synthesized with high quality, using state-of-the-art DNAsynthesizer systems. Thus, an oligo with length 4⁸⁰ providesapproximately ˜1.5*10⁴⁸ discrete codes. This means that if 1000 billionkeys are defined for every person in the world, then the codes stored insuch keys are still 2*10²⁶ unique. Consequently, codes encoded in oligoswith length much less than N=80 are sufficient to fully enable thesecurity mechanisms in accordance with the techniques described herein.For example, if oligos with length N=37 are used, then 2700 billion keyscan be made for every person in the world.

In order to increase the security of the system, in some embodimentsmore than one sequence can be specified to and associated with each key.This scheme loses power (of uniqueness) only linearly, and therefore theexponential power of the search space remains very strong. For instance,if every key is made using M different sequences, then the number ofunique keys that can be made would be

$\frac{4^{N}}{M}.$

Ordinarily, M does not have to be large—e.g., M=10 would be a reasonablenumber.

One advantage of the herein-described biochemical security mechanisms(over mechanical, electrical/electronic, and biometric securitymechanisms) is that a person him/herself can make any combination of theDNA keys described herein. For instance, suppose that 4 banks haveprovided a user with 5 different DNA keys, each. Normally, the solutionwith the DNA oligos for each key is provided with its own DNA tube (tobe used for filling the keys). This is due to the fact that since a DNAoligo solution is a consumable material, then it will have a limitedlifetime, e.g., 1000 uses, or 30 years, etc. If the solutions (tubesetc.) are made available to the user, the user may also want to make(e.g., fill) a bank-specific key from all the 5 keys of a specific bankwithout losing any operability of the original 5 keys. Alternatively,the user can mix the DNA solutions for some or all of the 20 keys in anycombination s/he would like without losing any operability of thecombined keys. For example, the user may want to combine the DNA oligosolutions for all the 20 keys into a single master-key. In that case,the user would pool an amount from all the tubes into a single pool, andthen fill the master-key with the pooled DNA solution.

According to the techniques described herein, the process of makingmaster-keys is therefore very simple. The user can simply combine anamount from the DNA solution for each of the keys with those of theother keys. Then, the combined solution is inserted into a singlephysical key. This key will then act as a master-key for all of itscomponents' codes. For example, the user can use this master-key in anyof the 4 banks for any of the secure accesses associated with any of the5 keys from each bank. (It is also noted that the operation of combiningthe DNA solutions for the issued keys may be performed by the user, oralternatively may be performed by the bank or another institution.)

In order to prevent abuse and to reduce the possibility for securitybreach, in some embodiments the maximum number of keys that can becombined into a master-key can be limited. This limitation can be fullycontrolled and enabled by parameters of the decoding mechanism used bythe underlying security system. For example, in some embodiments thedecoding mechanism for a master-key may works as described below.Suppose that a key used by a user at a given security system is amaster-key with K (K>1) keys multiplexed (as described heretofore),where each multiplexed key has M (M>1) separate codes encoded in its DNAoligos. After a biochemical sample from the key is injected for analysisinto the system, the following operations may be performed to determinewhether the presented master-key is valid:

-   -   1. The DNA oligos that exist in the sample received from the        master-key are read by a DNA sequencer. For a master-key with        the above specifications, there should be M*K clusters of        sequences, with each cluster possibly having a count Ni (i=1 . .        . M*K) sequences in it. If the DNA solution in the master-key is        uniform, then all the Ni values should be roughly similar. This        heuristic can, therefore, be used to check the validity of the        data acquired by sequencing the DNA oligos in the injected        sample. For instance, the ratio of Ni to Nj for any combination        of “i” and “j” should be less than 2.    -   2. Each Ni count value should be more than a specified threshold        in order to obtain immunity to noise. This threshold could also        be used to filter out sequences that were read incorrectly. For        example, if there are two codes—one with count N1=1000 and the        other with count N2=22, and if the threshold is 100, then it can        be concluded that only count N1 is valid (while count N2 is        not). In other words, only the code corresponding to N1 is        valid.    -   3. The total number of valid sequences (valid Ni's) could then        be limited to a certain threshold. For instance, there could be        only a mixture of up to 200 keys allowed in the master-key. That        is, if more than 200 valid Ni are detected, then the master-key        would be determined as invalid.

Example Decoding Mechanism

In accordance with the techniques described herein, in some embodimentsa security system may use the following decoding mechanism to determinewhether to grant or deny access to a resource when presented with a DNAkey.

-   -   1. After a biochemical sample from the DNA key is injected for        analysis into the system, a DNA sequencer sequences all the DNA        oligos detected in the sample.    -   2. The sequences represented in the DNA oligos may or may not        have error detection and/or error correction codes designed into        their structure. If error detection/correction codes are        included in the DNA oligos during encoding, then such        detection/correction can be used to detect/correct errors in the        acquired sequences.    -   3. The set of read sequences (RS) acquired from the DNA key are        filtered. In one embodiment, for filtering, the read sequences        are binned, and the most frequent bins are identified/filtered        based on their counts (e.g., by using a threshold similar to the        threshold described above for the master-key decoding        mechanism). The set of filtered sequences (FS) in the most        frequent bins are then moved to the next step. The filtering        operation could be implicit, e.g., by not entering the sequences        with many errors into the main computation. Also, the filtering        operation may be done by the sequencing instrument, e.g., by        suppressing the spots/reads that are not informative or manifest        high errors.    -   4. The set of FS is compared with the sets of sequences        associated with the keys issued in the system in order to        determine whether the filtered sequences represent a valid key.        In some embodiments the set of RS may be used in this comparison        step. Also, various comparison mechanisms can be used in this        step. In a simple case of 1-key (a one-code key, no master-key),        the expected codes for each key are compared to the set of FS or        RS (FS/RS), and if a match is found the presented DNA key is        determined as valid. The code for each issued key can be defined        as a set of expected sequences (ES) associated with that key,        and the search space of the system can be defined as a superset        including all sets of ES. To determine whether the presented DNA        key is valid, the search space is searched for a match between        any set of ES and the set of FS/RS that represents the presented        DNA key. Ideally, a match is found for only one key, and the set        of ES for that key is exactly equal to the set of FS/RS. In some        embodiments, however, a different comparison mechanism may        determine a successful validation when a given set of ES (from        the search space) is found to be a subset of the set of FS/RS.        In some embodiments, the decoding mechanism can be configured to        allow for a percent of impurity. For example, the impurity may        be defined as abs(RS−ES)/RS, where “abs” represents the absolute        value operation. If there are 3 keys multiplexed, the size of        the set of RS is 3 times the size of the set of ES, and        therefore, the impurity that should be tolerated is        (3ES−ES)/3ES=(3−1)/3=2/3 or ˜67%. For a master-key multiplexing        scheme of 20 keys, an impurity of up to (20−1)/20=19/20 or 95%        should be tolerated.    -   5. If in the previous step the presented DNA key is found to be        valid, then access to the requested resource is granted;        otherwise, access to the resource is denied.

Example Encoding Mechanism

In accordance with the techniques described herein, in some embodimentsthe following encoding mechanism may be used to design the sequences inthe DNA oligos for a key in a security system.

1. During a design phase, a code (e.g., a set of DNA sequences) isassigned to the key, e.g., three sequences at 80 bases each, or3×80-mers. At this phase, error detection and/or error correction codesmay also be designed into the structure of the sequences associated withthe key. Such error detection/correction codes may be included in orderto provide for detecting/correcting errors that may occur during DNAsequencing.

-   -   2. Each of the sequences in the set (e.g., each of the three        80-mers) is then synthesized using a DNA synthesizer system into        a DNA oligo.    -   3. The resulting DNA oligos are then mixed into a DNA solution        that represents the code assigned to the key. This step can be        performed at the institution issuing the key (e.g., a bank or        other financial institution), or at separate institution (e.g.,        biochemical lab). Alternatively, in some embodiments the        synthesized DNA oligos may be provided to the user in suitable        containers (e.g., tubes etc.) with instructions for the user on        how to mix the oligos on his/her own into a DNA solution for the        key.    -   4. The DNA solution is then transferred (e.g., injected) into a        microfluid chamber of the key.    -   5. When the DNA solution reaches a certain minimum in the key,        an indicator (e.g., a marker on the microfluid chamber thereof)        can make the user aware of the need to refill the key. Since        minute amounts of DNA material is needed for DNA sequencing, it        is possible to design keys that are good for millions of uses,        and therefore avoid the need for a refill.

Extra Security

In order to increase the security of a DNA key, some embodiments may usea biochemically-encoded (“wet”) password. For example, during the designphase of the key, a user can be prompted to provide a password. Thispassword is designed as (or converted into) a sequence that has alook-up length equivalent to the lengths of the code sequencesassociated with the key. The sequence representing the password is thenassociated with the key, and is synthesized into a DNA oligo in the sameway as the set of code sequences associated with the key. In addition,at the time of decoding the sequence representing the password is addedas an additional expected sequence (ES) into the set of ES for the key.In various implementations, the user can be provided with a password, orthe user can choose his/her own password. In the latter case, theinstitution will synthesize and deliver to the user the DNA oligocorresponding to the password (or a set of passwords) as well. Thesequence corresponding to the password may then be added to all the keysof the user. (In the event of multiple passwords, all the correspondingsequences may be added to the key.) During decoding, thesample-processing device would first try to find a match in the set ofread sequences (RS) acquired from a sample in the key to the particularsequence(s) that correspond to the user's password(s). If a match to thepassword sequence(s) is not found in the set of RS, then the decodingmechanism would not need to proceed further (i.e., it can consider thekey invalid). If such a match is found, then password sequence(s) areremoved from the set of RS acquired from the key, and the rest of thedecoding mechanism proceeds as described heretofore.

Alternatively, in some embodiments the user's password could be similarto an electronic password that is selected by the user or theinstitution issuing the DNA key. In these embodiments, the password (orany sequence corresponding thereof) is not inserted/mixed into the DNAsolution for the key. Rather, the institution that issues the key (e.g.,bank) is aware of this password option and, when requesting access basedon the DNA key, the user is asked to enter/type this password as thefirst check similarly to what is currently done with electronicpasswords. If the user passes this first check, then the security systemcan proceed with decoding the biochemically-encoded DNA key as describedheretofore. Alternatively, the regular password can be offered after thevalidation of the “wet” password. As an additional security measure, insome embodiments the same (or different) electronic password may also beconverted into a DNA sequence that is combined with the sequencescorresponding to the “wet” password for the key (e.g., with the passwordsequence(s) embedded in the DNA solution for the key). In someembodiments, extra security can also be obtained by using biometricmeasurements, such as fingerprints and retina scanning, in a similarmanner as the use of an electronic password as described heretofore.

Using Genome Sequences for DNA Keys

As discussed heretofore, in some embodiments the sets of sequencesassigned to DNA keys may be random sequences of a certain length. Inother embodiments, however, the set of sequences assigned to a DNA keycan be derived from the genome of the user to which the DNA key isissued (or genome of other individuals, e.g., relatives, or species,e.g., pets). For example, the genome of the user may be wholly orpartially sequenced, and sequences from highly variable portions (e.g.,with respect to the entire human population) of certain chromosomes maybe used to derive the set of sequences assigned to the DNA key of theuser. This, in effect, ensures that the user is the source for his/herDNA key. This provides not only extra security but also extremely highpersonalization of the DNA keys issued by an institution to its users.

Alternative Method for Biochemically-Enabled Decoding

In an alternative security mechanism, in some embodiments a customer anda key-issuing institution can each have biological elements (e.g., suchDNA oligos, RNA oligos, ligase, etc.) that interact during the processof verifying the DNA key of the customer. For instance, the DNA key ofthe customer can store therein multiple sets of DNA oligos, possibly inaddition to the DNA oligos that represent the sequences assigned to thekey. Correspondingly, the key-issuing institution can have ligase thatcan cause fusion of (at least some) of the DNA oligos carried within thecustomer key. When the customer presents his/her DNA key to requestaccess to a resource (e.g., a deposit box), the security system at theinstitution would extract a biological sample from the customer key andwould apply the corresponding ligase thereto. The resultant biochemicalproduct can be used to trigger an event, such as making a longer DNAoligo product. Then, this resultant product can cause either a flaggetting set during decoding or some other event to happen (which couldalso be as a result of the flag being set). An example of this would bea sequencing system, which in addition to performing DNA sequencingwould also report the length of the sequenced DNA oligos (e.g., thelength of each acquired and read sequence). If the ligation between theDNA oligos of the customer's DNA key has happened, the read sequencesare expected to be longer (e.g., for 2× fusion) and yet longer (e.g.,for 3× fusion and more) albeit lower frequency. The lengths and therelationship between the lengths can then be used to set a flag and/orcause another event in order to indicate whether the DNA oligos for theDNA key are valid or not, thereby providing an extra layer ofverification and security.

Example System Implementations

FIG. 1 illustrates an example security system. System 100 comprises areceptacle 110, one or more sample-processing devices 200, and one ormore computing devices 300. A key 105 is configured to deliver abiological sample to receptacle 110. The biological sample is a portionof biological material that is stored within a microfluid chamber 105A,which is disposed within key 105. In some embodiments, the biologicalmaterial comprises DNA oligos that are synthesized, manufactured, and/orotherwise encoded in accordance with the techniques described herein.

Receptacle 110 is configured to receive the biological sample from key105. For example, receptacle 110 may comprise a receptor module that isconfigured to extract the biological sample from container 105A throughconduit 105B of key 105, and then to pass the extracted biologicalsample through conduit 115 to sample-processing device(s) 200. Invarious embodiments, the receptor module may extract the biologicalsample through various mechanical, electrical, and/or electro-mechanicalmeans. By way of example, the transfer of biological sample from the keyto through the receptacle to the sample-processing device could be donevia capillary effect or in a pressurized manner (e.g., by using amicro-lever). In various embodiments, the receptacle may be integratedwithin the sample-processing device, thereby obviating the need for aconduit.

A sample-processing device 200 is configured to process the biologicalsample received through receptacle 110 and to determine one or moreproperties of the sample. According to the techniques described herein,sample-processing device(s) 200 send to computing device(s) 300information that represents the one or more properties of the biologicalsample. For example, in some embodiments a DNA sequencer withinsample-processing system 200 may sequence one or more target oligos thatare comprised in the sample to determine the DNA sequence of the oligos.The read sequence may then be passed to computing device(s) 300 forfurther processing. In another example, a biochemical device maydetermine one or more chemical properties of the sample according to thetechniques described herein, and to pass information about theproperties to computing device(s) 300.

Computing device(s) 300 are configured to receive information fromsample-processing device(s) 200, where the received information maycomprise data in a suitable format. Computing device(s) 300 may processthe received information in order to control access to one or moreresources 350. For example, in one embodiment the resource beingcontrolled may be a bank vault, a deposit box, or some otherindividually secured container that is used to store valuables. Inanother embodiment, the resource being controlled may be a file, anelectronic document, a peripheral device, or another computing devicethat stores valuable information. According to the techniques describedherein, computing device(s) 300 make a decision whether to grant or denyaccess to the controlled resource(s) 350 based on the informationreceived from the sample-processing device(s) 200. By way of example,computing device(s) 300 may compare the set of read sequences (RS)acquired from the biological sample to the sets of expected sequences(ES) for all keys issued for system 300. If the set of RS for thebiological sample from key 105 match (or otherwise satisfy otherequivalency criteria for) a given set of ES, then computing device(s)300 would grant access to the resource 350 requested by key 105;otherwise, computing device(s) 300 would deny access to the requestedresource. In some embodiments, the controlled resource may be areplicate security system that itself includes one or moresample-processing devices and/or computing devices.

FIG. 2 illustrates an example sample-processing device. In variousembodiments, a sample-processing device may comprise one or more DNAsequencers 220 and/or one or more biochemical analyzers 230. Optionally,some embodiments may also include one or more sample prep unit(s) 210that are configured to perform any necessary biochemicaltransformations—e.g., such as library preparation for, or based on, thebiological sample received from the DNA key.

In some embodiments a DNA sequencer 220 is configured to sequence areceived oligo to determine a set of reads that represents the DNAsequence of the oligo. Sequencer 220 may then determine the exactsequence of DNA bases represented in the set of reads by performingvarious data processing operations. Alternatively, after obtaining theset of reads, sequencer 220 may pass the raw reads to a computing devicefor further processing. After these operations by sequencer 220, a setof read sequences (RS) is obtained to correspond to the biologicalsample received from the DNA key. In some embodiments, asample-processing device 200 may include a biochemical analyzer 230.Analyzer 230 is configured to determine one or more chemical orbiochemical properties of the sample received from the key, and togenerate information that represents these properties. Thereafter,analyzer 230 may send the generated information to a computing devicefor further processing.

FIG. 3 illustrates an example computing device. Computing device 300includes, but is not limited to, one or more processors 302operationally coupled to device memory 306 over one or more buses suchas bus 304. Depending on specific implementations and form factors,computing device 300 may also include storage device(s) 308, displaydevice(s) 310, input device(s) 312, and communication device(s) 314.

A processor 302 is a hardware device configured to execute sequences ofinstructions in order to perform various operations such as, forexample, arithmetical, logical, and input/output operations. A typicalexample of a processor is a central processing unit (CPU), but it isnoted that other types of processors such as vector processors and arrayprocessors can perform similar operations. Examples of hardware devicesthat can operate as processors include, but are not limited to,microprocessors, microcontrollers, digital signal processors (DSPs),systems-on-chip, and the like. Processor 302 is configured to receiveexecutable instructions over one or more data and/or address buses suchas bus 304. Bus 304 is configured to couple various device components,including memory 306, to processor(s) 302. Bus 304 may include one ormore bus structures (e.g., such as a memory bus or memory controller, aperipheral bus, and a local bus) that may have any of a variety of busarchitectures. Device memory 306 is configured to store data andexecutable instructions for processor(s) 302. Device memory 306 mayinclude volatile and/or non-volatile memory such as read-only memory(ROM) and random-access memory (RAM). For example, a basic input/outputsystem (BIOS) containing the basic executable instructions fortransferring information between device components (e.g., duringstart-up) is typically stored in ROM. RAM typically stores data andexecutable instructions that are immediately accessible and/or beingoperated on by processor(s) 302 during execution. Device memory 306 isan example of non-transitory computer-readable medium.

Computer-readable media may include any available medium that can beaccessed by a computing device (and/or the processors thereof) andincludes both volatile and non-volatile media and removable andnon-removable media. One example of non-transitory computer-readablemedia is storage media. Storage media includes media implemented in anymethod or technology for storage of information such ascomputer-readable instructions, data structures, program modules, and/orother data. Examples of storage media include, but are not limited to,RAM, ROM, electrically erasable programmable read-only memory (EEPROM),removable memory such as flash memory and solid state drives (SSD),compact-disk read-only memory (CD-ROM), digital versatile disks (DVD)and other optical disks, magnetic cassettes, magnetic tapes, magneticdisks or other magnetic storage devices, electromagnetic disks, and anyother medium which can be used to store the desired information andwhich can be accessed and read by a computing device. Another example ofcomputer-readable media is communication media. Communication mediatypically embody computer-readable instructions, data structures,program modules, or other data, in a modulated data signal such as acarrier wave or other transport mechanism and includes any informationdelivery media. By way of example, and not limitation, communicationmedia includes wired media such as a wired network or direct-wiredconnection, and wireless media such as acoustic, radio frequency (RF),infrared and other wireless media.

Computing device 300 may include, and/or have access to, variousnon-transitory computer-readable media that is embodied in one or morestorage devices 308. Storage device(s) 308 may be coupled toprocessors(s) 302 over one or more buses such as bus 304. Storagedevice(s) 308 are configured to provide persistent storage of executableand other computer-readable instructions, data structures, programmodules, and other data for computing device 300 and/or for its users.In various embodiments and form factors of computing device 300, storagedevice(s) 308 may include persistent storage media of one or more typesincluding, but not limited to, electromagnetic disks (e.g., hard disks),optical storage disks (e.g., DVDs and CD-ROMs), magneto-optical storagedisks, solid-state drives, flash memory cards, universal serial bus(USB) flash drives, and the like. By way of example, storage device(s)308 may include a hard disk drive that stores the executableinstructions of an Operating System (OS) for computing device 300, theexecutable instructions of one or more computer programs, clients, andother computer processes that can be executed on the computing device,and any OS and/or user data in various formats.

Computing device 300 may also include one or more display devices 310and one or more input devices 312 that are coupled to processor(s) 302over one or more buses such as bus 304. Display device(s) 310 mayinclude any devices configured to receive information from, and/orpresent information to, user(s) of computing device 300. Examples ofsuch display devices include, but are not limited to, cathode-ray tube(CRT) monitors, liquid crystal displays (LCDs), light emitting diode(LED) displays, field emission (FED, or “flat panel” CRT) displays,plasma displays, electro-luminescent displays, and any other types ofdisplay devices. Input device(s) 312 may include a general pointingdevice (e.g., such as a computer mouse, a trackpad, or an equivalentspatial-input device), an alphanumeric input device (e.g., such as akeyboard), and/or any other suitable human interface device (HID) thatcan communicate commands and other user-generated information toprocessor(s) 302.

Computing device 300 may include one or more communication devices 314that are coupled to processor(s) 302 over one or more buses such as bus304. Communication device(s) 314 are configured to receive and transmitdata from and to other devices and computers. For example, communicationdevice(s) 314 may include one or more USB controllers for communicatingwith USB peripheral devices, one or more network storage controllers forcommunicating with storage area network (SAN) devices and/ornetwork-attached storage (NAS) devices, one or more network interfacecards (NICs) for communicating over wired communication networks, and/orone or more wireless network cards for communicating over a variety ofwireless data-transmission protocols such as, for example, IEEE 802.11and/or Bluetooth. Using communication device(s) 314, computing device300 may operate in a networked environment using logical and/or physicalconnections to one or more remote computing devices and computers. Forexample, computing device 300 may be connected to one or more remotecomputers that provide access to block-level data storage over a SANprotocol and/or to file-level data storage over a NAS protocol. Inanother example, computing device 300 may be connected to one or morenetworks 316 over connections that support one or more networkingprotocols. Network(s) 316 may include, without limitation, a local areanetwork (LAN), a wide area network (WAN), a global network (e.g., theInternet), and/or any other type of network or combination of networks.

Some embodiments of the techniques described herein may be implementedas a computer program product that may include sequences of instructionsstored on non-transitory computer-readable media. These instructions maybe used to program one or more computing devices that include one ormore special-purpose or general-purpose processors (e.g., CPUs) orequivalents thereof (e.g., such as processing engines, processing cores,etc). When executed by the processor(s), the sequences of instructionscause the computing device(s) to perform the operations (e.g., tocontrol one or more of DNA oligo synthesis, sample processing, DNAsequencing, access to resources, etc.) according to some of theembodiments of the techniques described herein. Additionally or insteadof, some embodiments of the techniques described herein may be practicedin distributed computing environments that may involve more than onecomputing device. One example of a distributed computing environment isa client-server environment, in which some of the various functions ofthe techniques described herein may be performed by a client programproduct executing on a computing device and some of the functions may beperformed by a server program product executing on a server computer.Another example of a distributed computing environment is a cloudcomputing environment. In a cloud computing environment, computingresources are provided and delivered as a service over a network such asa local-area network (e.g., LAN) or a wide-area network (e.g., theInternet). Examples of cloud-based computing resources may include,without limitation: physical infrastructure resources (e.g., physicalcomputing devices or computer systems, and virtual machines executingthereon) that are allocated on-demand to perform particular tasks andfunctions; platform infrastructure resources (e.g., an OS, programminglanguage execution environments, database servers, web servers, etc.)that are installed/imaged on-demand onto the allocated physicalinfrastructure resources; and application software resources (e.g.,application servers, single-tenant and multi-tenant software platforms,etc.) that are instantiated and executed on-demand in the environmentprovided by the platform infrastructure resources. Another example of adistributed computing environment is a computing cluster environment, inwhich multiple computing devices each with its own OS instance areconnected over a fast local network. Another example of a distributedcomputing environment is a grid computing environment in which multiple,possibly heterogeneous and/or geographically dispersed, computingdevices are connected over conventional network(s) to perform a commontask or goal. In various distributed computing environments, theinformation transferred between the various computing devices may bepulled or pushed across the transmission medium that connects thecomputing devices.

FIG. 4 illustrates an example synthesizer system 400 which may be usedby the techniques and methods described herein to encode sequencesassigned to DNA keys into DNA oligos. In some embodiments, oligosynthesizer system 400 may be a high throughput, large scale instrumentcapable of simultaneously synthesizing up to 48, 92, 192 oligos (ormore) in quantities that may range from 2 μMole to several MilliMoles.Oligo synthesizer system 400 is configured to facilitate the joining ofsingle nucleotides (or bases) to form oligos having user-specifiedsequences. Examples of such oligo synthesizer system include the ABI3900High-Throughput DNA Synthesizer and Agilent's Oligo Library Synthesismicroarray platform (SurePrint), but it is noted that various oligosynthesizer systems available on the market may be suitable forimplementing the techniques described herein.

Oligo synthesizer system 400 includes a synthesizer 402 that iscommunicatively and/or operatively coupled to computer system 440.Synthesizer 402 includes amidite banks 404, reagent banks 406, synthesischamber 408, and control panel 410. Various fluidic lines, tubing,valves, and other fluidic connections may be used to connect amiditebanks 404 and reagent banks 406 to synthesis chamber 408. Amidite banks404 may be bottles or other containers that store amidates (e.g., suchas phoramidites) for the each of the bases “A”, “C”, “G”, “T”, “U” andother bases (e.g., inosine or synthetic/unnatural bases) that may beused. Reagent banks 406 are used to store various reagents, chemicals,and dyes that are needed during oligo synthesis. For example, reagentbanks 406 may be bottles or other containers that store varioussolutions and mixtures such as, for example, tetrazole-acetonitrile,1-methyllimidazole-tetrahydrofuran, acetic anhydride-pyridine,iodine-pyridine, etc.

Synthesis chamber 408 is configured to receive solid supportstructure(s) in which oligos are generated. In some embodiments, thesolid support structure may be a cartridge (or plate) with columns,where a column may be a vial that is specifically designed to work withthe particular synthesizer system. For example, the cartridge/plate maybe designed to hold a number of columns (e.g., 48, 96, 192, etc.), eachof which may be used to produce a different oligo within the same cycle.Each column may be prepped prior to oligo synthesis, e.g., by beingprovided with a first base of an oligo sequence linked to some solidsupport or bead disposed in the column. In some embodiments, the solidsupport structure may be a microarray that is designed for in situsynthesis process that “prints” oligos base-by-base. For example, aninkjet-like printing process may be used to deposit nucleotide/oligomonomers onto specific spots in the microarrays, which enables theaccurate delivery of small volumes (e.g., picoliters) of the amidites,reagents and other chemicals needed to generate the oligos. Synthesischamber 408 may also include robotic arms, rails, sleeves or othersuitable mechanical and/or electro-mechanical components that areconfigured to position the dispense tips or nozzles with respect to thesolid support structure(s) (e.g., cartridges, microarrays, etc.), washlines, and waste lines in order to receive and drain amidates, reagents,chemicals, and other fluids during the oligo generation cycles. Controlpanel 410 may include various buttons, pressure gauges, and controlelements that allow a user to operate synthesizer 402.

In some embodiments, synthesizer 402 may be in fluidic connection withbulk reagent containers 420 and waste containers 430. Bulk reagentcontainers 420 may be bottles or other containers that store variouschemicals used during operation. For example, a bulk container 420 maybe used to store argon or other inert material that is used to flush thefluidic lines and the columns used in synthesis chamber 408. Wastecontainers 430 may be bottles or other suitable containers that are usedto store any waste fluids that are pumped, drained, or otherwisetransferred out of synthesis chamber 408. Synthesizer 402 may alsoinclude various other components such as motors, sensors, valves,connectors, etc., that are configured to pump fluids in and out of thevarious components of the synthesizer.

Computer system 440 is a suitable computing device and may becommunicatively coupled to a network 416. Examples of such computersystem and network are described above with respect to FIG. 3, but it isnoted that any suitable computer system (e.g., a personal system or anembedded system) may be used to implement various aspects of thetechniques described herein. Referring to FIG. 4, computer system 440 isconfigured to execute software programs that control the operation ofsynthesizer 402 to generate oligos in accordance with the techniquesdescribed herein. For example, computer system 440 may be configuredwith a suitable software program or application that provides agraphical user interface for entry of information about the oligos thatneed to be generated by synthesizer system 400. Through the userinterface, a user may enter or otherwise specify the sequences assignedto a particular DNA key and/or a path to file(s) which store the desiredsequences and any other instructions relevant to encoding the sequencesinto DNA oligos.

In operation, synthesizer system 400 may use a cycle-based protocol togenerate oligos having DNA sequences that are entered by a user or arespecified in files (or other suitable data structures) accessible bycomputer system 440. A cycle may be specified by instructions stored infile(s) or other suitable data structure(s), which instructions controland direct synthesizer 402 what steps to perform during the generationof an oligo in a given cartridge column or a given a microrarray spot. Aseries of cycles may be programmed by using suitable software that isexecuted in computer system 440. In order to incorporate a nucleotidebase into a growing oligo, during a cycle a synthesizer may perform aseries of steps by applying the appropriate amidites, reagents, andother chemicals on a cartridge column or a microrarray spot. Dependingon the various types of synthesis, such steps may include: a de-blockingstep that produces a free 5′-terminal hydroxyl group in the growingoligos; a coupling step that applies an amidite with the desired base tothe free 5′-terminal hydroxyl group; a capping step that applies anappropriate reagent to block any unreacted 5′-terminal hydroxyl groupsin the growing oligos; an oxidation step that applies an appropriate(e.g., iodine-based) solution to cap any newly-formed phosphate linkagesof the growing oligos; a protection step that applies the appropriatereagent(s) to complete the nucleotide chains of the growing oligos; anda cleaving step that applies the appropriate reagent(s) to cleave thegenerated oligos from their solid support structure(s) and/or totransfer the oligos in appropriate vials. According to the techniquesdescribed herein, computer system 440 and the software executing thereoncontrol and direct synthesizer 402 to generate a set of DNA oligos thatrepresent the sequences assigned to aDNA key.

In an example security mechanism according to the techniques describedherein, a bank (or other key-issuing institution) may order a set of DNAoligos from a lab that is proficient and/or certified in DNA synthesis.Alternatively, in order to increase security, the bank (or otherkey-issuing institution) may purchase and operate DNA synthesizersystems as described heretofore. In any case, after the set of sequencesrepresenting the code for a DNA key are designed, the set of sequencesis synthesized into a set of DNA oligos. A DNA solution to fill the keyis then prepared and transferred into the physical device (key). Forexample, the DNA solution may be prepared from the synthesized DNAoligos by mixing them in the desired proportions. In addition, an amountof the prepared DNA solution may be stored securely by the key-issuinginstitution for comparison and other purposes. An amount of the preparedDNA solution is then transferred into the physical key—e.g., viapressurized inlets of the key or other suitable conduits.

FIG. 5 illustrates an example DNA sequencing system 500 which may beused to implement the techniques and methods described herein tosequence DNA oligos acquired from a biological sample received from aDNA key. In some embodiments, DNA sequencing system 500 may be a highthroughput instrument capable of sequencing oligos by using any suitablenext generation sequencing (NGS) technology. Examples of such DNAsequencing systems include, without limitation, the MiSeq, HiSeq andNextSeq sequencers manufactured by Illumina, Inc., and Ion Protonsystems manufactured by Life Technologies, Inc. It is noted, however,that various other commercial DNA sequencing systems may be suitable forimplementing the techniques described herein.

For example, DNA sequencing systems provided by Illumina, Inc. arefluorescent-based, and due to the relatively long processing time (e.g.,˜5 minutes per cycle of sequencing) may not be appropriate forimplementing the herein-described security mechanisms as a real-timesystem that requires extremely high turn-around times (e.g., such as afew minutes). However, fluorescent-based DNA sequencing systems may beuseful and very practical for security contexts that do not require highturn-around times. Also, as DNA sequencing technology advances, theacquisition time per cycle of various sequencing systems is generallyimproved (e.g., from minutes to seconds), thereby making such sequencingsystems more useful and practical for implementing thebiochemically-enabled security mechanisms described herein. Currently,electronic-based DNA sequencing systems (which have very fastsignal/date acquisition rates) are appropriate and practical forsecurity systems that require short turn-around times. One example ofsuch electronic-based DNA sequencing systems is the Ion Torrent familyof sequencers provided by Life Technologies, Inc. (now Thermo FisherScientific). Further, at least one electronic-based DNA sequencingsystem that operates based on nanopore technology is in the last stageof development (e.g., a family of sequencing devices developed by OxfordNanopore Technologies). As fast acquisition time is essential inestablishing a quick transaction between acquiring the information in aDNA key and verifying/validating the acquired information against thesecurity information stored at the key-processing institution (e.g.,such as bank), nanopore-based sequencing technologies have a greatpromise for rapid readout and thus are particularly useful forimplementing the security mechanisms described herein.

Referring to FIG. 5, DNA sequencing system 500 includes a sequencingdevice (sequencer) 502 that is communicatively and/or operativelycoupled to computer system 520. Sequencer 502 includes compartments thatcan accept flow cell(s) or slides 504 with the oligos being sequenced(target oligos), cartridge(s) 506 with the sequencing reagents andbuffers used during sequencing, and detection instrument 508 whichperforms the sequencing. Various fluidic lines, tubing, valves, andother fluidic connections may be used to connect the compartments withflow cell(s) or slides 504 and cartridge(s) 506 to detection instrument508. A flow cell 504 may include a housing that encloses a solid support(e.g., a microarray, a chip, beads, etc.), with one or more ports beingprovided for loading the target oligos into the flow cell and foradministering the various reagents and buffers during sequencing cycles.In some sequencing systems, the target oligos may be pre-processed intolibraries by applying thereto various chemical steps such as denaturing,diluting, etc. A cartridge 506 is used to store various sequencingreagents, buffers, chemicals, as well as any waste that are needed orproduced during sequencing. For example, a cartridge 506 may includesuitable storage reservoirs that store denaturation agents (e.g.,formamide), wash solutions, probes, etc.

Detection instrument 508 is configured to detect the DNA sequences ofthe target oligos and to generate raw reads 509. In various embodiments,detection instrument 508 may utilize various sequencing mechanisms suchas, for example, sequencing by synthesis, sequencing by ligation,sequencing by hybridization, etc., where such mechanisms may be employedin massively-parallel fashion in order to increase throughput. Further,in various embodiments detection instrument 508 may detect the DNA basesof the target oligos by using optical-based detection,semiconductor-based (or electronic) detection, electrical-based (e.g.,nanopore) detection, etc. In various embodiments, detection instrument508 may also include various suitable mechanical and/orelectro-mechanical components that may be configured to position theflow cell 504 at the beginning and/or during sequencing.

Computer system 520 is a suitable computing device and may becommunicatively coupled to a network 516. Examples of such computersystem and network are described above with respect to FIG. 3. Referringto FIG. 5, computer system 520 is configured to execute softwareprograms that control the operation of sequencer 502 to generate thereads 509 that represent the DNA sequences of the target oligos, inaccordance with the techniques described herein. For example, computersystem 520 may be configured with suitable software program(s) orapplication(s) that control the various sequencing cycles performed bysequencer 502. In addition, in some embodiments computer system 520 maybe further configured to perform various post-sequencing steps inaccordance with the techniques described herein such as, for example,performing error detection/correction on reads 509, assembling longerreads from the generated reads 509, etc.

In operation, computer system 520 controls the operation of DNAsequencing system 500. Sequencing system 500 is first loaded with flowcell(s) or slides 504 that contain the target oligos and with thesequencing cartridge(s) 506. According to the techniques describedherein, the target oligos are acquired from a biological sample that isreceived/extracted from a DNA key. Prior to and/or after loading theflow cells/slides, the target oligos may be amplified (e.g., by usingpolymerase chain reaction, PCR) in order to preserve a sufficient amountfor each read. Then, sequencing system 500 performs its sequencingcycles and generates sequencing reads 509 that represent the DNAsequences of the target oligos. A read is generally a sequence of datavalues that represent (fully or partially) the DNA sequence of acorresponding target oligo. Depending on the processing software used bythe sequencing system, in some implementations the reads 509 may befurther assembled into longer read sequences that represent theinformation encoded in the target oligos.

Computer system 520 and the software executing thereon may then performthe steps and operations of the decoding mechanism described herein. Forexample, in some embodiments, computer system 520 and the softwareexecuting thereon may bin the set of read sequences (RS), whichrepresent the DNA oligos of the received DNA key, to obtain a set offiltered sequences (FS). The computer system 520 and the softwareexecuting thereon then compares the set of FS to the superset of thesets of expected sequences (ES) for the issued keys, in order todetermine whether the set of FS represents a valid key. If the computersystem 520 and the software executing thereon find a match (or otherpre-defined equivalency) between any set of ES and the set of FS thatrepresents the presented DNA key, then a determination is made that thepresented DNA key is valid and access to the resource requested with thekey is granted. Otherwise, if the set of FS does not match any of thesets of ES, access to the requested resource is denied.

EXAMPLE 1 Method for Encoding a DNA Key

FIG. 6 is a flow diagram illustrating an example method for encoding aDNA key. The steps of the method in FIG. 6 are described as beingperformed, at least partially, by a DNA synthesizer system. It is noted,however, that various implementations and embodiments may use various,and possibly different, systems to perform the steps of the method inFIG. 6. For example, in various embodiments a DNA-key enabled system maybe configured with software instructions which, when executed by one ormore processors, are operable to control and instruct one or moresystems (or components thereof) to perform the steps of the method inFIG. 6 automatically and without user intervention. In another example,in various embodiments the steps of the method in FIG. 6, and/or anyoperations thereof, may be performed by multiple different systems thatmay or may not operate under common control. Thus, the descriptionhereinafter of the method in FIG. 6 is to be regarded in an illustrativerather than a restrictive sense.

Referring to FIG. 6, in step 602 a code is assigned to a key in a designphase. The code is a set of DNA sequences that may be generatedmanually, automatically, or in any suitable combination thereof thatallows for generating secure information. For example, in someembodiments the DNA sequences comprised in a code may be manuallyselected from a predefined table by a user. In another example, the DNAsequences may be automatically generated by a computer system in arandom or pseudo-random manner (where the computer system may or may notbe configured to exclude any difficult-to-synthesize sequences). As partof the design phase, the set of DNA sequences assigned to the key may bestored in a security system as the set of expected sequences for thekey. Further, as part of the design phase, error detection and/or errorcorrection codes may also be designed into the structure of the DNAsequences assigned to the key. For example, such errordetection/correction codes may be specific sequences of bases that allowfor detecting/correcting errors in read sequences obtained by DNAsequencing of DNA oligos.

In step 604, a set of DNA oligos is synthesized based on the set of DNAsequences that comprise the code assigned to the key. For example, a DNAsynthesizer system may generate (as described heretofore) a set of DNAoligos that represent the sequences assigned to the key.

In step 606, the synthesized set of DNA oligos are mixed into a DNAsolution that represents the code for the key in a biochemical form. Forexample, standard lab equipment may be used (e.g., manually and/orautomatically) to mix the synthesized DNA oligos in the desiredproportions. Alternatively, in some embodiments the synthesized DNAoligos may be provided to the user/owner of the key in suitablecontainers (e.g., tubes, vials, etc.), with instructions for theuser/owner on how to mix the oligos on his/her own into the DNA solutionfor the key.

In step 608, the DNA solution is then transferred (e.g., injected) intothe key. For example, standard lab equipment may be used (e.g., manuallyand/or automatically) to transfer into a microfluid chamber of the keyan amount of the prepared DNA solution via pressurized inlets of the keyor other suitable conduits.

In step 610, the key may be refilled with the DNA solution if needed.For example, when the DNA solution reaches a certain minimum in the key,an indicator (e.g., a marker on the microfluid chamber thereof) can makethe user aware of the need to refill the key. Since minute amounts ofDNA material is needed for DNA sequencing, it is possible to design keyswith chambers that are large enough to store material for millions ofuses, and therefore avoid the need for a refill.

EXAMPLE 2 Method for Providing Secure Access

In an example operational context, a user/owner of a DNA key wouldpresent the key when requesting access to a resource controlled by asecurity system. For example, a bank customer may present his/her DNAkey and request access to a deposit box. In order to determine whetherto grant or deny the requested access, the security system may perform(or cause to be performed) the steps of the method in FIG. 7.

FIG. 7 is a flow diagram illustrating an example method for providingsecure access in a biochemically-enabled security system, in accordancewith the techniques described herein. The steps of the method in FIG. 7are described as being performed, at least partially, by a DNAsequencing system and a computer system. It is noted, however, thatvarious implementations and embodiments may use various, and possiblydifferent, systems to perform the steps of the method in FIG. 7. Forexample, in various embodiments a DNA-key enabled system may beconfigured with software instructions which, when executed by one ormore processors, are operable to control and instruct one or moresystems (or components thereof) to perform the steps of the method inFIG. 7 automatically and without user intervention. In another example,in various embodiments the steps of the method in FIG. 7, and/or anyoperations thereof, may be performed by multiple different systems thatmay or may not operate under common control. Thus, the descriptionhereinafter of the method in FIG. 7 is to be regarded in an illustrativerather than a restrictive sense.

Referring to FIG. 7, in step 702 a set of DNA oligos is sequenced toobtain a set of read sequences (RS), where the set of DNA oligos iscontained in a biological sample received from a key. For example, asecurity system (and/or a sample-processing device thereof) may receivethe biological sample through extraction or injection from the key.Prior to sequencing, the security system (or a subsystem thereof) mayamplify the set of DNA oligos in the biological sample (e.g., by usingPCR) in order to preserve a sufficient amount for sequencing. Theresulting target DNA oligos are then provided to a DNA sequencer orsequencing system, which sequences the oligos to obtain thecorresponding set of read sequences (RS).

If error detection/correction codes are included in the set of DNAoligos during encoding, then in step 704 such detection/correction canbe used to detect/correct errors in the acquired read sequences. Forexample, a computer system may execute program(s) or other executableinstructions (e.g., scripts) in order to determine whether there are anyerrors in the acquired read sequences that were caused during DNAsynthesizing or DNA sequencing, and if so to correct any such errors.

In step 706, the set of read sequences (RS) is filtered to obtain a setof filtered sequences (FS), according to some embodiments. This provideseffective immunity to noise that may be introduced in the set of RSbecause of synthesizing and/or sequencing errors. For example, acomputer system may execute program(s) or other executable instructions(e.g., scripts) in order to bin the set of read sequences (RS) intobins, where each bin is associated with the same read sequence. The binswith the highest counts of read sequences are then identified based on athreshold value. By way of example, the set of FS may include the readsequences from those bins whose counts exceed the threshold value.

In step 708, the set of FS is compared to sets of expected sequences(ES) that are assigned to respective keys issued in the security system.For example, the set of FS is compared with the sets of ES in order todetermine whether the set of FS represents a valid key. In someembodiments, this comparison step may be performed by comparing the setsof ES with the set of RS instead of with the set of FS. To determinewhether the DNA key presented to the security system is valid, acomputer system may search the search space (e.g., all the sets of ES inthe system) for a match between any set of ES and the set of FS/RS thatrepresents the DNA key. In some embodiments, a match should be found forno more than one key—that is, the computer system would determine thekey as valid when only one set from the sets of ES would be exactlyequal to the set of FS/RS. In other embodiments, instead of using anexact match, the computer system would determine the key as valid when agiven set of ES (from the search space) is found to be a subset of theset of FS/RS.

In step 710, access to the resource requested with the key is denied orgranted based on whether the set of FS/RS matches with any set of ES.For example, if in step 708 the computer system determines that the setof FS/RS matches with a set of ES (e.g., the presented DNA key isvalid), then in step 710 the computer system would grant access to therequested resource. Otherwise, if in step 708 the computer systemdetermines that the set of FS/RS does not match with any set of ES(e.g., the presented DNA key is not valid), then in step 710 thecomputer system would deny access to the requested resource.

Although the steps and operations of the method(s) herein are shown anddescribed in a particular order, in some embodiments the order of thesteps and/or operations of each method may be altered so that certainsteps and/or operations may be performed in an inverse order or so thatcertain step and/or operation may be performed, at least in part,concurrently and/or in parallel with other steps and/or operations. Inother embodiments, sub-steps and/or sub-operations of distinct stepsand/or operations may be performed in an intermittent and/or alternatingmanner.

In the foregoing specification, the invention has been described withreference to specific exemplary embodiments thereof. It will, however,be evident that various modifications and changes may be made theretowithout departing from the broader spirit and scope of the invention asset forth in the appended claims. The specification and drawings are,accordingly, to be regarded in an illustrative sense rather than arestrictive sense.

What is claimed is:
 1. A method for controlling access to a resource,the method comprising: receiving a biological sample from a key, whereinthe biological sample includes a set of deoxyribonucleic acid (DNA)oligos that are synthesized to represent a designed code associated withthe key; sequencing the set of DNA oligos to obtain a set of readsequences (RS), wherein sequencing is performed at less than fourminutes per cycle of sequencing; filtering the set of RS based on countsof sequences in the set of RS, to identify a set of filtered sequences(FS); comparing the set of FS to sets of expected sequences (ES),wherein the sets of ES are associated with respective issued keys; andgranting or denying access to the resource based on whether the set ofFS matches with any set from the sets of ES.
 2. The method of claim 1,further comprising performing error detection or error correction on theset of RS.
 3. The method of claim 1, wherein filtering the set of RScomprises binning the set of RS into bins, wherein each bin has arespective count of sequences therein.
 4. The method of claim 3, whereinfiltering the set of RS further comprises identifying the set of FSbased on those bins whose counts are greater than a threshold value. 5.The method of claim 1, wherein comparing the set of FS to the sets of EScomprises determining whether the set of FS is equal to at least one setof ES.
 6. The method of claim 1, wherein comparing the set of FS to thesets of ES comprises determining whether at least one set of ES is asubset of the set of FS.
 7. The method of claim 1, wherein the codeassociated with the key is designed to include multiple sequences. 8.The method of claim 7, wherein the number of the multiple sequences isin a range between 2 and 2000, inclusive.
 9. The method of claim 1,wherein the key is a master-key, and the set of DNA oligos represents Mcodes associated with each of K keys, wherein M and K are numbersgreater than
 1. 10. The method of claim 9, wherein the set of RSincludes M*K clusters of sequences, each cluster having a respectivecount of sequences therein.
 11. The method of claim 10, furthercomprising validating the set of RS by computing a ratio between thecounts of any two clusters.
 12. The method of claim 10, furthercomprising validating the master-key, wherein validating the master-keycomprises: comparing the count of each cluster to a first thresholdvalue in order to determine valid sequences; and determining whether themaster-key is valid by comparing the number of the valid sequences to asecond threshold value.
 13. The method of claim 10, further comprisingvalidating the master-key, wherein validating the master-key comprises:computing a percent of impurity for the set of RS; and determiningwhether the master-key is valid by comparing the percent of impurity toa threshold value.
 14. The method of claim 9, wherein M is equal to 3and K is equal to
 5. 15. The method of claim 1, wherein the codeassociated with the key includes multiple sequences, and the set of DNAoligos is synthesized based on the multiple sequences.
 16. The method ofclaim 1, wherein the code associated with the key includes a passwordsequence, and the set of DNA oligos is synthesized to include an oligorepresenting the password sequence.
 17. The method of claim 16, furthercomprising: determining whether the password sequence is included in theset of RS; and determining that the key is invalid when the passwordsequence is not included in the set of RS.
 18. The method of claim 1,further comprising receiving and attempting to verify one or more of anelectronic password, a fingerprint, and a retina scan, whereinsequencing the set of DNA oligos is performed only after or before theone or more of the electronic password, the fingerprint, and the retinascan are verified.
 19. The method of claim 1, wherein the codeassociated with the key includes multiple sequences derived from agenome of a human person.
 20. The method of claim 1, further comprising:applying a ligase to the biological sample in order to ligate oligosfrom the set of DNA oligos; after sequencing the set of DNA oligos,determining the lengths of the sequences included in the set of RS; andvalidating the set of DNA oligos based on the determined lengths.